"Critical PHP Flaw Exposes QNAP NAS Devices to RCE Attacks"

QNAP has issued a warning to customers that some of its Network Attached Storage (NAS) devices (with non-default configurations) are vulnerable to attacks that take advantage of a three-year-old critical PHP vulnerability, which allows Remote Code Execution (RCE). According to QNAP, the vulnerability affects PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24, and 7.3.x below 7.3.11. The warning follows another recent alert from the NAS maker to its customers to protect their devices from active attacks involving DeadBolt ransomware payloads. According to sample submissions on the ID Ransomware platform and multiple user reports who had their systems encrypted, ech0raix ransomware has resumed targeting vulnerable QNAP NAS devices. The infection vector used in these new DeadBolt and ech0raix campaigns is unknown until QNAP releases more information about ongoing attacks. While QNAP works to patch the PHP vulnerability in all vulnerable firmware versions, users should ensure that their device is not connected to the Internet to prevent incoming attacks. This article continues to discuss the PHP flaw exposing QNAP NAS devices to RCE attacks and the recent targeting of QNAP devices in ransomware attacks. 

Bleeping Computer reports "Critical PHP Flaw Exposes QNAP NAS Devices to RCE Attacks"